NAME

remctld - Server for remctl, a remote command execution utility

SYNOPSIS

remctld [-dhmv] [-fconfig] [-pport] [-sservice]

DESCRIPTION

remctld is the server for remctl. It accepts a connection from remctl,
receives the command to execute and the arguments, verifies
authorization of the user and executes the command, returning the
result back to the client. All connections are authenticated using
GSSAPI Kerberos V, and all transmissions are also encrypted using
Kerberos.
remctld is normally started using tcpserver or from inetd, but it may
be run in stand-alone mode as a daemon using -m. Either -s must be
given to use an alternate identity (which will require the same flag be
used for remctl client invocations), or It must be run as root to read
the host keytab file. remctld logs its activity using syslog (the
daemon facility).
The location of the configuration file may be specified with the -f
option. The default location is /etc/remctl/remctl.conf. For
information on the format of the configuration file, see "CONFIGURATION
FILE" below.

OPTIONS

-d Verbose debug logging to syslog.
-fconfig
The configuration file for remctld, overriding the default path.
-h Show a brief usage message and then exit.
-m Enable stand-alone mode. remctld will listen to its configured
port, 4444 by default, and handle incoming connections one at a
time. This is mostly useful for debugging purposes.
-pport
When running in stand-alone mode, Listen on port port rather than
4444, the default. This option does nothing unless used with -m.
-sservice
This option is used to specify the Kerberos service principal for
remctld to run as, the default is the server host principal:
"host/<machinename>.stanford.edu"
-v Print the version of remctld and exit.

CONFIGURATIONFILE

The configuration file defines the allowed commands and specifies
access control information. The configuration file format is lines of
space- or tab-separated strings, where each line is:
type service executable [logmask=n[,...]] {aclfile}+
Blank lines and lines beginning with "#" are ignored. Lines can be
continued on the next line by ending them with a backslash ("\"). Be
aware that comments can be continued with a backslash as well.
As a special case, a line like:
include file
will include file as if its contents were pasted verbatim into the
configuration file at that point. file may be a directory, in which
case all files whose names do not contain a period found in that
directory will be included (in no particular order). file should be a
fully qualified path.
The meaning of these fields is:
type
The type of the command being requested, such as "afs" for the afs
volume backend. This is used to group commands together into a
class and allows all commands in the same class to be passed to the
same backend program.
service
The service within the type being requested, such as "release" for
the afs volume backend. The keyword ALL may be used instead of the
service to specify an executable and aclfiles for the entire type
in one line. The service is always passed as the first argument to
the executable program that is listed for that service.
executable
The full path to the commmand executable to run for this type-
service combination. (See examples below.)
logmask=n[,...]
Limit logging of command arguments. Any argument listed in the
logmask list will have its value logged as "**MASKED**". This is
to avoid logging the arguments of commands that take privileged
information.
For example, if the command is "admin passwd {username} {passwd}",
then you’d want to set logmask to 3, so the password argument gets
logged as "**MASKED**".
aclfile
The full paths of one or more access control files, each containing
one Kerberos v5 principal per line, such as
"username@stanford.edu". Blank lines and lines beginning with "#"
are ignored in the ACL files. As a special case, a line like:
include file
in an ACL file includes other ACL files and is handled identically
to the include directive in configuration files.
The keyword ANYUSER may be used instead of the aclfiles to allow
access to all users. Note the user still needs to authenticate to
remctld, this only affects authorization. This can be used for
backend programs that want to check ACLs themselves and will
retrieve the authenticated principal from the REMUSER environment
variable.

EXAMPLES

Typically remctld is to be started as follows, where "hostname" is the
machine where remctld will run, and 4444 is the port:
tcpserver hostname 4444 remctld
The equivalent line for /etc/inetd.conf is:
4444 stream tcp nowait root /usr/sbin/tcpd /usr/sbin/remctld
Example configuration file:
# Comments can be used like this.
accounts create /usr/local/bin/doaccount /etc/acl/group1 /etc/acl/group2
accounts delete /usr/local/bin/doaccount /etc/acl/group3
accounts view /usr/local/bin/doaccount ANYUSER
accounts passwd /usr/local/bin/dopasswd logmask=3 /etc/acl/group1
printing ALL /usr/local/bin/printthing /etc/acl/group2
The commands "accounts create", "accounts delete", and so forth will
all be passed to /usr/local/bin/doaccount with the first argument being
the specific subcommand, with the exception of "accounts passwd". That
command will be passed to /usr/local/bin/dopasswd instead, but it will
still get "passwd" as its first argument. The third argument to
"accounts passwd" (presumably the password) will not be logged to
syslog. All commands starting with "printing" will be passed to
/usr/local/bin/printthing.

AUTHOR

COPYRIGHTANDLICENSE

Copyright 2002, 2003, 2004, 2005, 2006 Board of Trustees, Leland
Stanford Jr. University. All rights reserved.
Permission to use, copy, modify, and distribute this software and its
documentation for any purpose and without fee is hereby granted,
provided that the above copyright notice appear in all copies and that
both that copyright notice and this permission notice appear in
supporting documentation, and that the name of Stanford University not
be used in advertising or publicity pertaining to distribution of the
software without specific, written prior permission. Stanford
University makes no representations about the suitability of this
software for any purpose. It is provided "as is" without express or
implied warranty.
THIS SOFTWARE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR IMPLIED
WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.